using System;
using System.Collections.ObjectModel;

namespace AuthService.Options
{
    /// <summary>
    /// 认证服务配置选项
    /// </summary>
    public class AuthServiceOptions
    {
        /// <summary>
        /// 访问令牌过期时间（分钟）
        /// </summary>
        public int AccessTokenLifetimeMinutes { get; set; } = 60;

        /// <summary>
        /// 刷新令牌过期时间（分钟）
        /// </summary>
        public int RefreshTokenLifetimeMinutes { get; set; } = 43200; // 30天

        /// <summary>
        /// 会话过期时间（分钟）
        /// </summary>
        public int SessionLifetimeMinutes { get; set; } = 1440; // 24小时

        /// <summary>
        /// 最大并发会话数
        /// </summary>
        public int MaxConcurrentSessions { get; set; } = 5;

        /// <summary>
        /// 最大失败尝试次数
        /// </summary>
        public int MaxFailedAttempts { get; set; } = 5;

        /// <summary>
        /// 账户锁定时间（分钟）
        /// </summary>
        public int AccountLockoutDurationMinutes { get; set; } = 30;

        /// <summary>
        /// 是否要求高风险登录使用双因子认证
        /// </summary>
        public bool RequireMfaForHighRisk { get; set; } = true;

        /// <summary>
        /// 是否启用设备信任
        /// </summary>
        public bool EnableDeviceTrust { get; set; } = true;

        /// <summary>
        /// 是否启用地理位置验证
        /// </summary>
        public bool EnableLocationVerification { get; set; }

        /// <summary>
        /// 是否启用风险评估
        /// </summary>
        public bool EnableRiskAssessment { get; set; } = true;

        /// <summary>
        /// 高风险阈值
        /// </summary>
        public int HighRiskThreshold { get; set; } = 70;

        /// <summary>
        /// 中风险阈值
        /// </summary>
        public int MediumRiskThreshold { get; set; } = 30;

        /// <summary>
        /// JWT密钥
        /// </summary>
        public string JwtSecretKey { get; set; } = "your-256-bit-secret-key-here";

        /// <summary>
        /// JWT签发者
        /// </summary>
        public string JwtIssuer { get; set; } = "AuthService";

        /// <summary>
        /// JWT受众
        /// </summary>
        public string JwtAudience { get; set; } = "AuthService";

        /// <summary>
        /// 令牌加密密钥
        /// </summary>
        public string TokenEncryptionKey { get; set; } = "your-encryption-key-here";

        /// <summary>
        /// 密码复杂度要求
        /// </summary>
        public PasswordComplexityOptions PasswordComplexity { get; set; } = new();

        /// <summary>
        /// 双因子认证选项
        /// </summary>
        public TwoFactorOptions TwoFactor { get; set; } = new();

        /// <summary>
        /// OAuth选项
        /// </summary>
        public OAuthOptions OAuth { get; set; } = new();

        /// <summary>
        /// 风险评估选项
        /// </summary>
        public RiskAssessmentOptions RiskAssessment { get; set; } = new();

        /// <summary>
        /// 安全事件选项
        /// </summary>
        public SecurityEventOptions SecurityEvents { get; set; } = new();
    }

    /// <summary>
    /// 密码复杂度要求选项
    /// </summary>
    public class PasswordComplexityOptions
    {
        /// <summary>
        /// 最小长度
        /// </summary>
        public int MinLength { get; set; } = 8;

        /// <summary>
        /// 最大长度
        /// </summary>
        public int MaxLength { get; set; } = 128;

        /// <summary>
        /// 是否要求包含大写字母
        /// </summary>
        public bool RequireUppercase { get; set; } = true;

        /// <summary>
        /// 是否要求包含小写字母
        /// </summary>
        public bool RequireLowercase { get; set; } = true;

        /// <summary>
        /// 是否要求包含数字
        /// </summary>
        public bool RequireDigit { get; set; } = true;

        /// <summary>
        /// 是否要求包含特殊字符
        /// </summary>
        public bool RequireSpecialChar { get; set; } = true;

        /// <summary>
        /// 特殊字符列表
        /// </summary>
        public string SpecialChars { get; set; } = "!@#$%^&*()_+-=[]{}|;:,.<>?";

        /// <summary>
        /// 密码历史记录数量（防止重复使用）
        /// </summary>
        public int PasswordHistoryCount { get; set; } = 5;
    }

    /// <summary>
    /// 双因子认证选项
    /// </summary>
    public class TwoFactorOptions
    {
        /// <summary>
        /// 是否启用双因子认证
        /// </summary>
        public bool Enabled { get; set; }

        /// <summary>
        /// 是否强制启用双因子认证
        /// </summary>
        public bool ForceEnabled { get; set; }

        /// <summary>
        /// 可用的认证方法
        /// </summary>
        public Collection<string> AvailableMethods { get; } = new() { "AuthenticatorApp", "Email", "Sms" };

        /// <summary>
        /// 推荐的认证方法
        /// </summary>
        public Collection<string> RecommendedMethods { get; } = new() { "AuthenticatorApp" };

        /// <summary>
        /// 验证码有效期（分钟）
        /// </summary>
        public int CodeLifetimeMinutes { get; set; } = 5;

        /// <summary>
        /// 验证码长度
        /// </summary>
        public int CodeLength { get; set; } = 6;

        /// <summary>
        /// 最大重试次数
        /// </summary>
        public int MaxRetryAttempts { get; set; } = 3;

        /// <summary>
        /// 记住设备天数
        /// </summary>
        public int RememberDeviceDays { get; set; } = 30;

        /// <summary>
        /// 备份恢复码数量
        /// </summary>
        public int RecoveryCodeCount { get; set; } = 10;
    }

    /// <summary>
    /// OAuth选项
    /// </summary>
    public class OAuthOptions
    {
        /// <summary>
        /// 授权码有效期（分钟）
        /// </summary>
        public int AuthorizationCodeLifetimeMinutes { get; set; } = 10;

        /// <summary>
        /// 设备码有效期（分钟）
        /// </summary>
        public int DeviceCodeLifetimeMinutes { get; set; } = 15;

        /// <summary>
        /// 用户码有效期（分钟）
        /// </summary>
        public int UserCodeLifetimeMinutes { get; set; } = 15;

        /// <summary>
        /// 支持的授权类型
        /// </summary>
        public Collection<string> SupportedGrantTypes { get; } = new()
        {
            "authorization_code",
            "client_credentials",
            "password",
            "refresh_token",
            "device_code"
        };

        /// <summary>
        /// 支持的响应类型
        /// </summary>
        public Collection<string> SupportedResponseTypes { get; } = new()
        {
            "code",
            "token"
        };

        /// <summary>
        /// 支持的范围
        /// </summary>
        public Collection<string> SupportedScopes { get; } = new()
        {
            "openid",
            "profile",
            "email",
            "phone",
            "address",
            "read",
            "write"
        };

        /// <summary>
        /// 是否要求PKCE
        /// </summary>
        public bool RequirePkce { get; set; } = true;

        /// <summary>
        /// 是否允许明文PKCE
        /// </summary>
        public bool AllowPlainTextPkce { get; set; } = false;
    }

    /// <summary>
    /// 风险评估选项
    /// </summary>
    public class RiskAssessmentOptions
    {
        /// <summary>
        /// 是否启用风险评估
        /// </summary>
        public bool Enabled { get; set; } = true;

        /// <summary>
        /// 新设备登录风险分数
        /// </summary>
        public int NewDeviceRiskScore { get; set; } = 20;

        /// <summary>
        /// 新IP地址登录风险分数
        /// </summary>
        public int NewIpRiskScore { get; set; } = 15;

        /// <summary>
        /// 新地理位置登录风险分数
        /// </summary>
        public int NewLocationRiskScore { get; set; } = 25;

        /// <summary>
        /// 异常时间登录风险分数
        /// </summary>
        public int UnusualTimeRiskScore { get; set; } = 10;

        /// <summary>
        /// 可疑IP地址风险分数
        /// </summary>
        public int SuspiciousIpRiskScore { get; set; } = 30;

        /// <summary>
        /// 设备指纹不匹配风险分数
        /// </summary>
        public int FingerprintMismatchRiskScore { get; set; } = 35;

        /// <summary>
        /// 风险评估历史保留天数
        /// </summary>
        public int HistoryRetentionDays { get; set; } = 90;
    }

    /// <summary>
    /// 安全事件选项
    /// </summary>
    public class SecurityEventOptions
    {
        /// <summary>
        /// 是否启用安全事件记录
        /// </summary>
        public bool Enabled { get; set; } = true;

        /// <summary>
        /// 事件保留天数
        /// </summary>
        public int RetentionDays { get; set; } = 365;

        /// <summary>
        /// 是否记录成功事件
        /// </summary>
        public bool LogSuccessEvents { get; set; } = true;

        /// <summary>
        /// 是否记录失败事件
        /// </summary>
        public bool LogFailureEvents { get; set; } = true;

        /// <summary>
        /// 是否记录信息级别事件
        /// </summary>
        public bool LogInfoEvents { get; set; } = true;

        /// <summary>
        /// 是否记录警告级别事件
        /// </summary>
        public bool LogWarningEvents { get; set; } = true;

        /// <summary>
        /// 是否记录错误级别事件
        /// </summary>
        public bool LogErrorEvents { get; set; } = true;

        /// <summary>
        /// 是否记录严重级别事件
        /// </summary>
        public bool LogCriticalEvents { get; set; } = true;
    }
}